OVERVIEW - OVERVIEW - OVERVIEW - OVERVIEW - OVERVIEW
What is packet sniffing or promiscuous mode and
why should I care? If a computer on your network is packet
sniffing or in promiscuous mode, it is viewing all network traffic on its
local network. It can see clear-text passwords, email, and file
transfers. This information in the hands of an attacker can allow him or
her to penetrate deeper into your network.
|
Network communication can be likened to large group of people standing
together in a room and talking. When people talk to each other, others
nearby have the ability to listen in. When computers communicate over
networks, they normally only listen to communications destined to
themselves. However, they also have the ability to enter promiscous mode,
which allows them to listen to communications that are destined to other
computers.
When an attacker successfully compromises a computer, they install what is
known as a packet sniffer, a tool that puts the computer into promiscous
mode, thus allowing them to monitor and record all network communications.
The private information they gather, such as account names, passwords,
credit cards, and even email, is then used to compromise other computers.
This is how, from one weak computer in a computer network, many computers
and the information they contain can be compromised. Up until now, it has
been impossible for network administrators to remotely detect if computers
were listening in on all network communications.
AntiSniff stops all this, by giving network
administrators and information security professionals the ability to
remotely detect computers that are packet sniffing, regardless of the
operating system. AntiSniff works by running a
number of non-intrusive tests, in a variety of fashions, which can
determine whether or not a remote computer is listening in on all network
communications. Now it is impossible for an attacker who is sniffing to
hide.
Current network security tools, such as network scanners, work by probing
machines for software that contains bugs or software that's misconfigured.
Intrusion Detection Systems (IDS), work by finding malicious signatures in
network traffic. AntiSniff, on the other hand, is the first of it's kind,
it remotely detects the passive act of eavesdropping on network
communications. It will even detect packet sniffers installed by a rogue
insider who may have legitimate administrative access to a machine, but
still should not be monitoring all network traffic.
NEXT PAGE
|